Please use this identifier to cite or link to this item:
https://hdl.handle.net/2440/108055
Type: | Conference paper |
Title: | Make sure DSA signing exponentiations really are constant-time |
Author: | García, C.; Brumley, B.; Yarom, Y. |
Citation: | Proceedings of the ACM Conference on Computer and Communications Security, 2016, vol.24-28-October-2016, pp.1639-1650 |
Publisher: | ACM |
Issue Date: | 2016 |
ISBN: | 9781450341394 |
ISSN: | 1543-7221 |
Conference Name: | 23rd ACM Conference on Computer and Communications Security (CCS) (24 Oct 2016 - 28 Oct 2016 : Vienna, Austria) |
Statement of Responsibility: | Cesar Pereida García, Billy Bob Brumley, Yuval Yarom |
Abstract: | TLS and SSH are two of the most commonly used protocols for securing Internet traffic. Many of the implementations of these protocols rely on the cryptographic primitives provided in the OpenSSL library. In this work we disclose a vulnerability in OpenSSL, affecting all versions and forks (e.g. LibreSSL and BoringSSL) since roughly October 2005, which renders the implementation of the DSA signature scheme vulnerable to cache-based side-channel attacks. Exploiting the software defect, we demonstrate the first published cache-based key-recovery attack on these protocols: 260 SSH-2 handshakes to extract a 1024/160-bit DSA host key from an OpenSSH server, and 580 TLS 1.2 handshakes to extract a 2048/256-bit DSA key from an stunnel server. |
Keywords: | Applied cryptography; digital signatures; side-channel analysis; timing attacks; cache-timing attacks; DSA; OpenSSL; CVE-2016-2178 |
Rights: | © 2016 Copyright held by the owner/author(s). This work is under a Creative Commons Attribution-NonCommercial-ShareAlike International 4.0 License |
DOI: | 10.1145/2976749.2978420 |
Published version: | http://dx.doi.org/10.1145/2976749.2978420 |
Appears in Collections: | Aurora harvest 8 Computer Science publications |
Files in This Item:
File | Description | Size | Format | |
---|---|---|---|---|
hdl_108055.pdf | Published version | 598.6 kB | Adobe PDF | View/Open |